The incomplete path information arose from incomplete audit information. In
AVC.get_path() we search for in priority order "file","path","name" in the audit
information. The first entry which is defined is returned as the path
information. It was coded this way because the full path information is not
always available and the thinking was some information is better than none. As
can be seen in the raw AVC only "name" is defined, which is actually the base name.
When setroubleshoot generates a report it utilizes the information returned by
AVC.get_path() without consideration as to whether it is a complete path.
Although the original intent of providing the best available path information
was well intentioned it is clear that because other parts of the system do not
know the path information was a compromise it can generate misleading information.
Yes, I would consider this a bug (although well intentioned :-)

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
release.

The code which handles path information has been completely rewritten in the new
2.0 setroubleshoot release, in addition the audit data which provides the
information has been reworked. We no longer make any assumptions concerning path
information, it's either present in the audit data or it isn't. If it isn't
present the path information will be presented as "<Unknown>".

setroubleshoot-2.0.2-1.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update setroubleshoot'